CVE-2024-26482

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26482

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26482.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26482

Downstream

SUSE-SU-2024:2571-1

Related

SUSE-SU-2024:2571-1

Withdrawn

2024-02-26T18:41:44Z

Published

2024-02-22T05:15:09Z

Modified

2025-08-26T17:56:39.280091Z

Summary

[none]

Details

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

References

https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4

Affected packages

Git / github.com/getkirby/kirby

Affected ranges

Type: GIT
Repo: https://github.com/getkirby/kirby
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2965c3124e3b141072a2d46c798a327dda710060

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.2-rc.1

3.0.3

3.0.3-rc.1

3.0.3-rc.2

3.0.3-rc.3

3.1.0

3.1.0-rc.1

3.1.1

3.1.2

3.1.2-rc.1

3.1.3

3.1.3-rc.1

3.1.4

3.1.4-rc.1

3.2.0

3.2.0-rc.1

3.2.0-rc.2

3.2.0-rc.3

3.2.0-rc.4

3.2.1

3.2.1-rc.1

3.2.2

3.2.3

3.2.3-rc.1

3.2.4

3.2.4-rc.1

3.2.5

3.2.5-rc.1

3.2.5-rc.2

3.3.0

3.3.0-rc.1

3.3.0-rc.2

3.3.0-rc.3

3.3.0-rc.4

3.3.0-rc.5

3.3.1

3.3.1-rc.1

3.3.2

3.3.2-rc.1

3.3.3

3.3.3-rc.1

3.3.4

3.3.4-rc.1

3.3.5

3.3.5-rc.1

3.3.6

3.4.0

3.4.0-rc.1

3.4.0-rc.2

3.4.0-rc.3

3.4.1

3.4.2

3.4.3

3.4.4

3.4.4-rc.1

3.4.5

3.5.0

3.5.0-rc.1

3.5.0-rc.2

3.5.0-rc.3

3.5.0-rc.4

3.5.0-rc.5

3.5.0-rc.6

3.5.0-rc.7

3.5.1

3.5.1-rc.1

3.5.2

3.5.2-rc.1

3.5.3

3.5.3.1

3.5.4

3.5.5

3.5.5-rc.1

3.5.6

3.5.6-rc.1

3.5.7

3.5.7-rc.1

3.5.7.1

3.6.0

3.6.0-alpha.1

3.6.0-alpha.2

3.6.0-alpha.3

3.6.0-alpha.4

3.6.0-beta.1

3.6.0-beta.2

3.6.0-beta.3

3.6.0-rc.1

3.6.0-rc.2

3.6.0-rc.3

3.6.0-rc.4

3.6.0-rc.5

3.6.1

3.6.1.1

3.6.2

3.6.2-rc.1

3.6.2-rc.2

3.6.2-rc.3

3.6.3

3.6.3-rc.1

3.6.3-rc.2

3.6.3.1

3.6.4

3.6.4-rc.1

3.6.5

3.6.5-rc.1

3.6.6

3.6.6-rc.1

3.7.0

3.7.0-rc.1

3.7.0-rc.2

3.7.0-rc.3

3.7.0.1

3.7.0.2

3.7.1

3.7.1-rc.1

3.7.2

3.7.2-rc.1

3.7.2.1

3.7.3

3.7.3-rc.1

3.7.4

3.7.4-rc.1

3.7.5

3.8.0

3.8.0-rc.1

3.8.0-rc.2

3.8.0-rc.3

3.8.1

3.8.1-rc.1

3.8.1.1

3.8.2

3.8.2-rc.1

3.8.3

3.8.3-rc.1

3.8.3-rc.2

3.8.4

3.9.0

3.9.0-rc.1

3.9.0-rc.2

3.9.1

3.9.1-rc.1

3.9.2

3.9.2-rc.1

3.9.3

3.9.3-rc.1

3.9.4

3.9.4-rc.1

3.9.5

3.9.5-rc.1

3.9.6

3.9.6-rc.1

3.9.6.1

3.9.7

3.9.7-rc.1

3.9.8

3.9.8-rc.1

4.*

4.0.0

4.0.0-alpha.1

4.0.0-alpha.2

4.0.0-alpha.3

4.0.0-alpha.4

4.0.0-alpha.5

4.0.0-alpha.6

4.0.0-alpha.7

4.0.0-beta.1

4.0.0-beta.2

4.0.0-beta.3

4.0.0-rc.1

4.0.0-rc.2

4.0.0-rc.3

4.0.0-rc.4

4.0.1

4.0.2

4.0.3

4.1.0

4.1.0-rc.1

4.1.0-rc.2

4.1.0-rc.3